Internet Security Research Group (ISRG), the nonprofit organization behind Let’s Encrypt, says the open certificate authority (CA) issued its three billionth certificate this year.
Let’s Encrypt has been providing websites with the X.509 digital certificates needed to enable HTTPS (SSL/TLS) and encrypted communications free of charge since September 2015, when it issued the first certificate for the helloworld.letsencrypt.org domain.
Starting with August 2018Let’s Encrypt has been directly trusted by all major browsers and operating systems and all major root certificate programs (including those from Microsoft, Google, Apple, Mozilla, Oracle, and Blackberry).
The free and automated CA allows any domain owner to obtain a trusted certificate at no cost. Right now, the AC says it’s issuing millions a day.
As ISRG revealed today, this helped it hit a new record this year, as it now provides services to over 300 million websites.
“As of November 1, 2022, Let’s Encrypt provides TLS to over 309 million domains via 239 million active certificates. Let’s Encrypt usage grew by over 33 million domains in 2022,” ISRG said today in its annual report 2022.
To get an idea of the scale of the CA and what drove its development team to further automate the issuance and renewal of certificates in early March 2020, it took revoke more than 3 million certificates due to a bug in its domain validation and issuance software.
This number represented approximately 2.6% of the approximately 116 million active certificates provided to websites worldwide.
Almost two years later, in January 2022, Let’s Encrypt announced that it would revoke millions of active SSL/TLS certificatesaffecting approximately 1% of all active Let’s Encrypt certificates.
“Since then, we have developed a specification to automate certificate renewal signals so that our subscribers can handle revocation/renewal events as easily as they can obtain certificates in the first place (this happens automatically in the background !),” Josh said. Aas, Executive Director of ISRG.
“This specification is making its way through the IETF standards process so the entire ecosystem can benefit from it, and we plan to deploy it to production at Let’s Encrypt soon.”